# Deployment Guide

## Prerequisites
- Docker Engine 24.0+
- Docker Compose 2.20+
- Domain name (for production)
- SSL certificates (for production)

## Environment Setup

### 1. Clone Repository
```bash
git clone https://github.com/your-org/healthcare-management-system.git
cd healthcare-management-system
```

### 2. Configure Environment
```bash
# Backend
cp backend/.env.example backend/.env
# Edit backend/.env with production values

# Frontend
# Create frontend/.env.local with:
# NEXT_PUBLIC_API_URL=https://api.yourdomain.com/api
```

### 3. Generate Secrets
```bash
cd backend
docker run --rm -v "$(pwd):/app" -w /app php:8.2-cli php -r "echo 'JWT_SECRET=' . base64_encode(random_bytes(32)) . PHP_EOL;"
# Add generated secret to .env
```

## Development Deployment

### Start Services
```bash
docker-compose up -d
```

### Run Migrations
```bash
docker-compose exec app php artisan migrate --seed
```

### Access Application
- Frontend: http://localhost:3000
- API: http://localhost:8080/api
- API Docs: http://localhost:8080/api/documentation

## Production Deployment

### 1. SSL Certificates
Place certificates in `./ssl/`:
```
ssl/
├── fullchain.pem
└── privkey.pem
```

### 2. Production Compose
```bash
docker-compose -f docker-compose.prod.yml up -d --build
```

### 3. Database Setup
```bash
docker-compose exec app php artisan migrate --force
docker-compose exec app php artisan db:seed --force
```

### 4. Optimization
```bash
docker-compose exec app php artisan config:cache
docker-compose exec app php artisan route:cache
docker-compose exec app php artisan view:cache
docker-compose exec app php artisan optimize
```

### 5. File Permissions
```bash
docker-compose exec app chown -R www-data:www-data /var/www/storage
docker-compose exec app chmod -R 755 /var/www/storage
```

## Backup Strategy

### Automated Backups
The production compose includes an automated backup service that:
- Creates daily PostgreSQL dumps
- Stores backups in `./backups/`
- Retains backups for 7 days

### Manual Backup
```bash
# Database (-T disables TTY allocation so the redirected dump is not altered)
docker-compose exec -T db pg_dump -U postgres healthcare_db > backup_$(date +%Y%m%d).sql

# Files
tar -czf storage_backup_$(date +%Y%m%d).tar.gz backend/storage/
```

### Restore from Backup
```bash
# Restore database
docker-compose exec -T db psql -U postgres healthcare_db < backup_20240101.sql
```

## Monitoring

### Health Checks
- Application: `GET /health`
- Database: Check PostgreSQL connection
- Redis: Check Redis connection

### Logs
```bash
# Application logs
docker-compose logs -f app

# Nginx logs
docker-compose logs -f webserver

# Database logs
docker-compose logs -f db
```

### Performance
- Enable Laravel Telescope for debugging (development only)
- Monitor with Laravel Horizon for queue processing
- Use New Relic or Datadog for APM

## Security Checklist

- [ ] Change all default passwords
- [ ] Enable HTTPS only
- [ ] Configure firewall rules
- [ ] Set up fail2ban
- [ ] Enable audit logging
- [ ] Regular security updates
- [ ] Database encryption at rest
- [ ] Backup encryption
- [ ] Two-factor authentication for admins
- [ ] Rate limiting enabled
- [ ] CORS properly configured
- [ ] Security headers enabled
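
Several of these items can be checked mechanically before a production deploy. The script below is an added example, not part of the project: it audits `backend/.env` from the Environment Setup steps. It assumes the standard Laravel keys `APP_ENV` and `APP_DEBUG` are present; the script name and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not project code): audit backend/.env before a production deploy.
# APP_ENV and APP_DEBUG are standard Laravel keys, assumed present in this .env.

# Print the last value assigned to key $2 in env file $1, outer quotes removed.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Count the bytes a base64 string decodes to (malformed input decodes short).
b64_len() {
  printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# audit_env ENV_FILE [EXAMPLE_FILE]: print findings, return how many were found.
audit_env() {
  local file="$1" example="${2:-}" n=0 key val
  fail() { echo "FAIL: $*"; n=$((n + 1)); }

  [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

  # Step 3 generates base64 of 32 random bytes; anything shorter is a weak key.
  [ "$(b64_len "$(env_value "$file" JWT_SECRET)")" -ge 32 ] ||
    fail "JWT_SECRET is missing or decodes to fewer than 32 bytes"

  [ "$(env_value "$file" APP_ENV)" = "production" ] || fail "APP_ENV is not production"
  [ "$(env_value "$file" APP_DEBUG)" = "false" ] || fail "APP_DEBUG is not false"

  # The file holds credentials, so it should not be world-readable.
  [ -z "$(find "$file" -perm -004)" ] || fail "$file is world-readable"

  # Checklist item "change all default passwords": compare with the template.
  if [ -n "$example" ] && [ -r "$example" ]; then
    for key in $(grep -oE '^[A-Z0-9_]*(PASSWORD|SECRET)=' "$example" | tr -d '='); do
      val=$(env_value "$example" "$key")
      [ -z "$val" ] || [ "$val" != "$(env_value "$file" "$key")" ] ||
        fail "$key still has the value from $example"
    done
  fi
  return "$n"
}

# Usage: ./audit-env.sh backend/.env backend/.env.example
[ $# -eq 0 ] || audit_env "$@"
```

The exit status is the number of findings, so a deploy script can run it as a gate before `docker-compose -f docker-compose.prod.yml up -d --build`.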

## Troubleshooting

### Common Issues

#### Database Connection Failed
```bash
# Check database status
docker-compose ps db
# Check logs
docker-compose logs db
# Verify credentials in .env
```

#### JWT Authentication Errors
```bash
# Regenerate secret (invalidates all previously issued tokens)
docker-compose exec app php artisan jwt:secret
# Clear cache
docker-compose exec app php artisan cache:clear
```

#### Permission Denied
```bash
docker-compose exec app chown -R www-data:www-data /var/www
docker-compose exec app chmod -R 755 /var/www/storage
```

#### 502 Bad Gateway
```bash
# Check PHP-FPM
docker-compose ps app
docker-compose logs app
# Restart services
docker-compose restart
```

## Scaling

### Horizontal Scaling
```yaml
# Add to docker-compose.prod.yml
services:
  app:
    deploy:
      replicas: 3
```

### Load Balancing
Use Nginx or HAProxy as a load balancer across multiple app instances.

### Database Scaling
- Use PostgreSQL read replicas
- Implement connection pooling with PgBouncer
- Consider database sharding for large datasets

## Maintenance

### Regular Tasks
- Weekly: Review logs and error reports
- Monthly: Update dependencies
- Quarterly: Security audit
- Annually: Disaster recovery drill

### Updates
```bash
# Update containers
docker-compose pull
docker-compose up -d

# Update application
docker-compose exec app composer update
docker-compose exec app php artisan migrate
```
